SD Nihil (posted December 1, 2008):

I want to make sure for my two future computers they have good defenses. The two are the game computer you guys are helping to design, and the other is the computer that is a discounted 3-year-old computer for the family for their stuff. Please tell me if this is a good combination or if there is better. Your recommendations.

For e-mail spam protection I use Spamfighter for Outlook Express. For ad and malware I use Ad-Aware and Malwarebytes. Malwarebytes is what my independent tech replaced Spybot Search and Destroy with. Is this good that he replaced it with that? I use Firefox with the addons CustomizeGoogle, KeyScrambler, Gmail MIME, and of course Windows Update. For viruses I use AVG Free and the ZoneAlarm Firewall. I use CCleaner for registry error correction and Add/Remove programs management and to remove entries that don't go away for a program that is already removed. I use Secunia PSI to protect against the programs getting hacked. Like for example protection against a Quicktime program hack.

I've also secured my router, which is a WRT54GS v5. I have admin and encryption passwords that are 30 characters long. I'm using WPA2 encryption. I have DNS filtering on. I have the wireless firewall on, and in the Applications and Programs tab I've put in a port configuration that allows the hacker to go to a false IP address when trying to hack.

Finally, I use anti rootkits. They are IceSword, PAVARK, McAfee Anti Rootkit, AVG. Please let me know if all of this is a good combo, what to change, remove, or change. Thanks.
Det. Bart Lasiter (posted December 1, 2008):

I changed my server's iptables config to function as a router as well. Since I'm behind that, I just use Windows Firewall. Then I use AVG and Ad-Aware for anti-virus/spyware. I run CCleaner occasionally as well.
Astrotoy7 (posted December 1, 2008):

I do pretty much what sweety jmac does, except I use Avast instead of AVG. I hate bloating my system with that security crud. Avast, CCleaner and occasional Spybot and Ad-Aware. Windows firewall is on, and my router has a hardware firewall. I've never had any virus related issues. The only times I've needed to reformat are entirely my own choice (or wrongdoing).

One thing I would like to mention... some people seem so concerned about computer security from the perspective of 'outside attack'. Unless you are a megacorp, you have a mightily high opinion of your 1337 KOTOR rig and its potential worth to hacksters, their wallets or their reps. Fact of the matter simply is, most home PC users' worst enemy is themselves. Be it incomplete basic security measures, and/or unsafe browsing and P2P habits, that's the type of stuff that lands most home users in a mess. The security measures we adopt are to protect ourselves from the adverse effects of our net behaviour. However, if Norton and friends marketed it like that, I don't think they'd sell as many copies of 'Your such a Dumbass Security Suite'.

mtfbwya
SD Nihil (posted December 1, 2008):

How is Avast better than AVG? So the Windows firewall is better than ZoneAlarm. Speaking of Norton and McAfee, another thing about them is they are true resource hogs. I'm just happy ZoneAlarm isn't such a resource hog. What about my rootkit protections? I have 4 and I know that's probably not necessary. The thing is, I don't know what one detects that the other doesn't or which one does all of.

Yeah, with my router I recently did that securing. How I did it is I one day was playing EaW and I got a message from ZoneAlarm telling me NetBIOS attempted to access the internet and was blocked successfully. I use my router hardwired for the 360 through one of the ports. I then looked up this NetBIOS and what it means. It is the first point that two computers have to make connection-wise before the two computers can communicate. Well, I wasn't communicating with another computer or have another on the network since the router is for the 360. So at that point I thought hack. So I find out that's how hackers can hack routers. I then learned how to prevent it and secure my router. Twice after that ZoneAlarm blocked whoever this guy was. I got a message in Aug. that there was nothing to be concerned of, but someone tried to use port 53 to send info, but was stopped successfully.
Det. Bart Lasiter (posted December 2, 2008):

1. It's pretty difficult to detect rootkits, if you get rooted, you're pretty much rooted until you reinstall.
2. NetBT hasn't been used since the 80s, it's an obsolete protocol, but Windows has a wrapper for it so that legacy programs that rely on it can still function, which can be disabled. It's a service called TCP/IP NetBIOS Helper and that was what was trying to access the internet. No one was trying to hack you, if someone was your firewall would have said it detected an intrusion attempt and not that something was trying to access the internet.
Astrotoy7 (posted December 2, 2008):

> How is Avast better than AVG? So the Windows firewall is better than ZoneAlarm. Speaking of Norton and McAfee, another thing about them is they are true resource hogs. I'm just happy ZoneAlarm isn't such a resource hog. What about my rootkit protections? I have 4 and I know that's probably not necessary.

I don't want to start the whole 'avast vs avg' nerdfest. Let's just say they are both decent freeware solutions that will do all the basic things an AV program should do. AVG probably has one too, but Avast has an MS Outlook plugin which is very handy for myself as I use Outlook *a lot*.

One thing not mentioned yet >> rather than all the bloaty third party rubbish, some simple indicators that direct you towards safer surfing habits will go much further in protecting your system, and not interfering with other stuff. Hence, these Firefox extensions can be very useful:

* Adblock Plus
* Adblock Plus filterset updater, e.g. Easy List (USA)
* WOT (Web of Trust). Firefox users around the world report harmful sites (as they traverse them); when you get to such sites, this extension will warn you about it. You can then decide what to do. Simple and great idea. I like how it asks you what to do rather than putting your PC into lockdown like many other proggies do.

Great thing about these extensions, they run with Firefox and don't hog up a buttload of resources.

Last but not least: some suggestions for those who P2P

* Port forward a single port for your programs to use. This usually requires you assign a static IP for a particular rig. Pretty easy to do.
* Use PeerGuardian

good luck

mtfbwya
Det. Bart Lasiter (posted December 2, 2008):

PeerGuardian is useless. The only anonymous P2P network I can think of right now is Perfect Dark, and that isn't because it uses blocklists.
Da_man (posted December 2, 2008):

McAfee isn't a huge resource hog, but it takes up a good size amount. I'd suggest setting your virus scanner to scan your computer regularly, like once a week at the least, and set it so it scans automatically when you are asleep, for example. The overall best way to keep yourself virus free is to use common sense while on the internet. Don't download from disreputable sites, or fall for pop-ups that say that you will get [x] amount of money if you download this program, etc. I'd give Google Chrome a whirl, because it will alert you when malware has been found on a website. However, I'm not sure how accurate it is, because it said it found malware on one of the threads around here once.
Astrotoy7 (posted December 2, 2008):

> PeerGuardian is useless. The only anonymous P2P network I can think of right now is Perfect Dark, and that isn't because it uses blocklists.

aww, it ain't that bad. Sure, networking Amazons like yerself may find it extraneous and irrelevant, but I can't think of an easier way to stop a 12 teenage girl getting malware off Limewire. Damn niece-in-laws. I don't use it atm because I like to live dangerous like.

mtfbwya
Det. Bart Lasiter (posted December 2, 2008):

> aww, it ain't that bad. Sure, networking Amazons like yerself may find it extraneous and irrelevant, but I can't think of an easier way to stop a 12 teenage girl getting malware off Limewire. Damn niece-in-laws. I don't use it atm because I like to live dangerous like.
>
> mtfbwya

I can. Block Limewire from connecting. Actually that's pretty much the only way that will actually work.
SD Nihil (posted December 2, 2008):

> I don't want to start the whole 'avast vs avg' nerdfest. Let's just say they are both decent freeware solutions that will do all the basic things an AV program should do. AVG probably has one too, but Avast has an MS Outlook plugin which is very handy for myself as I use Outlook *a lot*.

Outlook as in Outlook Express? Or Outlook as in the mail program? Well, they are both mail programs. Also, is this Google Chrome an extension or something?

Finally, there is this online tool called Shields Up. And what it does is checks to see if your ports are silent to hackers trying to ping or get info from them. This is important to prevent them from hacking you. If they can't get into ports or get info from them they can't do much at all. I hope everyone in this test gets a 100 percent score: https://www.grc.com/x/ne.dll?bh0bkyd2
Det. Bart Lasiter (posted December 4, 2008):

> Outlook as in Outlook Express? Or Outlook as in the mail program? Well, they are both mail programs. Also, is this Google Chrome an extension or something?
>
> Finally, there is this online tool called Shields Up. And what it does is checks to see if your ports are silent to hackers trying to ping or get info from them. This is important to prevent them from hacking you. If they can't get into ports or get info from them they can't do much at all. I hope everyone in this test gets a 100 percent score: https://www.grc.com/x/ne.dll?bh0bkyd2

I'm not trying to be a dick or anything (which is surprising since I don't really like you that much), but you're kinda paranoid about being hacked. Install a decent AV program like Avast or AVG, configure your router properly, and use the built-in Windows Firewall or even something like Comodo Firewall if that doesn't do it for you. And by "configure your router properly", I mean disabling UPnP (which is used by programs to open ports on your router, but is rather lax in checking which programs are opening ports) and making sure you haven't forwarded every port on it to your computer. That's pretty much all you can do to protect it from remote attacks.

For wireless security, disable SSID broadcast, use MAC address filtering, and enable WPA with AES encryption. AES has been proven to be pretty much uncrackable unless you use a weak key, in which case you kinda deserve to get hacked since there are programs like KeePass to generate strong passwords and manage logins for various things.

Other than that, schedule regular AV/malware/spyware scans, run CCleaner every once in a while, and stop using Outlook Express; with your paranoia I'm surprised you haven't heard about its eventful past with exploits. Mozilla puts out Thunderbird, which is more secure; it also has the Lightning extension to manage your calendar and whatever else.

Chrome is a browser that was written by Google. It's still in the beta stages, but it doesn't leak as much memory as Firefox and it has a decent amount of features. To me, the only browsers worth using right now are Firefox and Opera though. Firefox has a ton of features and customization options, but it has a bunch of memory leaks (which is just a matter of programmers not freeing up memory they've allocated and not some sort of vulnerability, in case you were wondering) and will end up using a ton of memory over a long period of time. Opera doesn't have quite as many features, but it also uses a negligible amount of memory (less than Firefox, Chrome, and IE by far). Both are secure.

That Shields Up site is misleading since if you're behind a router it'll just tell you which ports you have forwarded, which you can find out by checking your router's configuration. And I'd rather not get a 100 on that site since that would mean my server's down and I can't use SSH or BitTorrent :/

http://www.utorrent.com/testport.php?port=##### (replace ##### with a number between 1 and 65535 to check that port)

Last thing: root kit detectors are pretty useless, a root kit modifies your OS to take commands from another user, "root kit detectors" run on top of the OS, and rely on the OS for their input, so they're incredibly difficult to detect if you can detect them at all.

---

And if none of that convinces you to ease up a bit, I'd recommend installing Fedora Core and coming up with a really strict SELinux policy and iptables configuration with deep packet inspection.
SD Nihil (posted December 4, 2008):

Thank you jmac for your helpful suggestions. I appreciate them. Actually I'm not worried or paranoid. I was just asking, just confirming I have good enough defenses for my computer. I'm one of those guys that likes to learn all he can and improve upon things. I was just also sharing an interesting story I thought was a hack. If I was wrong that's great, I'm happy it was nothing. That's great, I was just talking to you guys that know a heck of a lot more than me when it comes to techy stuff. Na, I'm not paranoid at all. I'm fine. I was just seeking your advice. I appreciate it. I hope that Shields Up helps somebody. I like contributing.

Thank you again jmac. I'm sorry you don't like me. I think you're a smart and cool guy. Whatever it is, please feel free to private message me about it.
RoxStar (posted December 4, 2008):

I use a Mac. *starts fire*

All jokes aside, I run Zone Alarm and AVG on my PC. Keeps things running nice and smooth.
Q (posted December 5, 2008):

For antivirus, I use Avira. I also use COMODO Firewall Pro. For active protection against spyware I use Spybot, SpywareBlaster and Windows Defender. For spyware scanning I use Ad-Aware and SuperAntispyware. I update them regularly and I run Crap Cleaner before scanning. All of these apps are free.
SD Nihil (posted December 5, 2008):

Nice combo there. When I saw the word pro I thought it must be one you have to buy. Again SD is proven wrong. lol.

Have any of you tried Secunia PSI? Like I said, it gives direct patches to programs you have that are not patched against hackers. It gives security patches too. It also alerts you of end of life programs. Meaning if you have an out of date Google Earth version it will tell you. Have you guys tried it yet?
Q (posted December 5, 2008):

Those who use their computers for private use should never have to pay for security software. Those that do are getting ripped off.
Astrotoy7 (posted December 5, 2008):

> Those who use their computers for private use should never have to pay for security software. Those that do are getting ripped off.

Perfectly summed up, Q. You've said in one sentence what the rest of us have been meandering around for paragraphs.

@jmac. This isn't your myspace page. No one cares who you like or not. We want tech forum visitors to feel comfortable to submit queries, and come back. Being rude is not conducive to that, and quite irrelevant to the topic at hand. You've given us all some great info, just leave it at that next time, sans the blog element.

mtfbwya
SD Nihil (posted December 5, 2008):

I agree with both of you, Astro and Q. Thanks Astro for having my back. I have urs too. However, what do you guys think of Secunia PSI like I said?

Yeah, it's sad you'll have programs out there that can be so dishonest. Ever heard of an advertisement for a free virus scan only to find that once you scan you now have to buy the product to actually get rid of the viruses? I guess they are not truly lying in that it did say free scan, but just not free cleaning of any viruses. Ah, what a world. lol.
Astrotoy7 (posted December 5, 2008):

Cmon SD. We're not in a street gang. No need to have our backs covered. I just want everyone to stay on topic and be courteous. It should be easy with such inert subject matter!

carry on!

mtfbwya
SD Nihil (posted December 5, 2008):

> Cmon SD. We're not in a street gang. No need to have our backs covered.

Ah, you know what I meant. Dang symantecs lol. But anyway, so from earlier what I'm getting is I just shouldn't have anti rootkit software on hand since if a bad guy gets in it's really up to a reinstall to get rid of them?

Also, I recently had the tech come over and maintain my computer and he did find a few processes that shouldn't have been running. As a result my computer is faster. How do you find out what processes are running? And are they in names you can recognize or are they in the form of some file name?
Astrotoy7 (posted December 5, 2008):

> Dang symantecs lol.

I'm not sure if that was deliberate or not, but that is a superb pun considering the topic.

To see what processes you are running, you need to bring up the task manager > there's a few ways to get there. I like to make a direct shortcut from the C>windows>system32>taskmgr applet. You can also use Start>run>taskmgr or press ctrl/alt/del.

There is a tab for processes. The dead giveaways for malware related ones look like this >> hsgdhgjhgk. or something more deliberate like "adbar" (not related to admiral ackbar). There are other sneakier ones that are named very similar or supplant existing processes. There are lists out there that explain what each process is, and what to look out for.

mtfbwya
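
An added example, not part of the original post: the three name checks described above (random-looking names, names that are nearly a known process name, and a known name running from the wrong folder) applied to a process list. The reference list, thresholds and sample rows are constructed assumptions; a name like "adbar" only comes back as unlisted, which is where the process lists mentioned above come in.

```python
import ntpath

# Assumed reference list (constructed, not exhaustive): process name -> the
# folder it normally runs from, or None when the install location varies.
SYS32 = r"c:\windows\system32"
KNOWN = {
    "svchost.exe": SYS32, "lsass.exe": SYS32, "csrss.exe": SYS32,
    "winlogon.exe": SYS32, "services.exe": SYS32, "smss.exe": SYS32,
    "taskmgr.exe": SYS32, "explorer.exe": r"c:\windows", "firefox.exe": None,
}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def looks_random(name):
    """Keyboard-mash heuristic: almost no vowels or a long consonant run."""
    letters = [c for c in name.rsplit(".", 1)[0] if c.isalpha()]
    if len(letters) < 6:          # too short to judge
        return False
    vowels = sum(c in "aeiou" for c in letters)
    run = longest = 0
    for c in letters:
        run = 0 if c in "aeiou" else run + 1
        longest = max(longest, run)
    return vowels / len(letters) < 0.15 or longest >= 5

def classify(name, path):
    """Return ok, wrong-path, lookalike, random-name or unlisted."""
    name = name.lower()
    if name in KNOWN:
        expected = KNOWN[name]
        actual = ntpath.dirname(path).lower()   # parses Windows paths on any OS
        return "ok" if expected in (None, actual) else "wrong-path"
    if any(edit_distance(name, known) <= 2 for known in KNOWN):
        return "lookalike"
    if looks_random(name):
        return "random-name"
    return "unlisted"             # not on the list: look it up before judging

# Constructed sample rows (image name, full path), not taken from a real machine.
SAMPLE = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("svchost.exe", r"C:\Users\kid\AppData\Local\Temp\svchost.exe"),
    ("svch0st.exe", r"C:\Windows\System32\svch0st.exe"),
    ("hsgdhgjhgk.exe", r"C:\Users\kid\AppData\Roaming\hsgdhgjhgk.exe"),
    ("adbar.exe", r"C:\Program Files\adbar\adbar.exe"),
    ("firefox.exe", r"C:\Program Files\Mozilla Firefox\firefox.exe"),
]

def triage(rows):
    """Keep only the rows that deserve a closer look."""
    verdicts = [(name, classify(name, path)) for name, path in rows]
    return [(name, v) for name, v in verdicts if v != "ok"]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE):
        print(f"{verdict:12} {name}")
```
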
Q (posted December 5, 2008):

@SD: Astro was simply reminding jaymack to keep the elitist douchebaggery in Ahto and Rasputin's Domain where it belongs. He is a moderator here, after all.
SD Nihil (posted December 5, 2008):

> @SD: Astro was simply reminding jaymack to keep the elitist douchebaggery in Ahto and Rasputin's Domain where it belongs. He is a moderator here, after all.

Of course. I was just joking. Having a little fun. I've moved on and am not bringing it up again. I agree it's off topic to continue to talk about it.

Anyway, back to the topic and what I was asking... what do you guys think of the Shields Up online tool, Secunia PSI, and from what I'm getting you guys are saying anti rootkits are useless once a hacker gets in and you're rooted, and that the only solution at that point to get them out is to reinstall Windows?
RoxStar (posted December 5, 2008):

I don't understand why you need all that security software. Are you behind a router?
This topic is now archived and is closed to further replies.